The strdup(3) implementation in libc uses memcpy(3), not strlcpy(3).
There is no upside to using strlcpy(3) here if we know the length of
str before we copy it to the destination buffer.
... unless we're worried the length of str will change? Which would
be very paranoid. But if that's the case we should be checking that
the return value of strlcpy(3) equals len and calling fatal() if it
isn't.
ok?
Index: xmalloc.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/xmalloc.c,v
retrieving revision 1.36
diff -u -p -r1.36 xmalloc.c
--- xmalloc.c 12 Nov 2019 22:32:48 -0000 1.36
+++ xmalloc.c 10 Mar 2022 01:06:54 -0000
@@ -85,8 +85,7 @@ xstrdup(const char *str)
len = strlen(str) + 1;
cp = xmalloc(len);
- strlcpy(cp, str, len);
- return cp;
+ return memcpy(cp, str, len);
}
int
